Friday, November 28, 2008

Just like any other shop (online or offline), we have opened up a sale just for you and only for this Thanksgiving 2008. Well, not really!!! We are releasing a new tool called GSAuditor, and yes, you can download it any day at any time (starting from the day of release: Friday, 28th Nov, 2008).

GSAuditor is in the early stages of development, so if you encounter any bugs, want to request additional features, or have any further questions, contact contact.fingers @ gmail.com.

PS: We do know that Thanksgiving was yesterday and the Black Friday sale is done already. But sometimes, it takes time to realize that the vacation day has come to an end only when you are almost awake. Cheers !!!

We asked the following question to a gentleman from the infoSec community: "What would be one thing according to you that could change our community for its best?"

He looked around for a while, and then said: "When our community starts evaluating about 'what you know', more than 'whom do you know', then I am sure there is more opportunity for our community to auto-clean."

Thursday, November 27, 2008

NoVirusThanks offers a free online detection service that analyzes suspicious and malicious files for viruses/worms, Trojans/backdoors and all kinds of malware that are not only detected by antivirus engines, including bots, rootkits, etc.

NoVirusThanks also publishes a blog on analysis of new or weird Malware.

Wednesday, November 19, 2008

We are looking to bring in GUI programmers/developers for our tools. We are also in need of web developers (PHP), script writers (Perl, Python, Shell), driver programmers, C/C++/Java/VB/.Net programmers, etc. If you are a developer/coder and you believe that you could do the work that is assigned to you within the time YOU predict or allocate yourself, then kindly contact us at contact.fingers @ gmail.com.

Kindly email us your resume/CV/specifications (languages/tools/past experiences/related links) for us to immediately take you into an appropriate task.

Why should you work for EvilFingers? You don't have to, but if you did then we can share our experiences and learn stuff from each other.

Monday, November 17, 2008

Interconnecting computers across the world to have the finest and free data share, that ensures lack of privacy, improves zombies' lifetime and increases their count exponentially. Botnet also ensures that even if you do not efficiently use your memory or processing power, it would install itself and ensure that every botnet-installed system would be most efficiently used to DDoS or DoS useless websites.

Sunday, November 16, 2008

An Indian (I) and an American (A) were in a conversation: "Which country has been technologically progressing for the past few centuries?"

'A' drove 'I' to New York and asked him to dig 1000 feet deep. 'A' then said, "This proves that we had wired communication a century ago". 'I' then took 'A' to India (Mumbai to be precise) and asked him to dig a hole until he finds something. 'A' dug a hole 4000 feet in depth. 'A' gave up and asked 'I', "What are you trying to prove?". 'I' then said, "For 4 centuries we have been using wireless technology as our communication medium... Now, who is advanced in technology :)".

Hope you enjoyed... - EF

PS: This joke is based on an email that we received in chain/forwarded emails.

Saturday, November 15, 2008

We had an issue with the Sploits PCAP page. Our PCAPs had spaces in their names and unfortunately, when reading the file to open, the file names were read only up to the first word that came before the first space, and the page showed them as broken links. We had to change all PCAPs by filling the spaces with _ or deleting them. We now have a total of 304 sploit PCAPs (269 Web Browser sploit PCAPs and 35 Browser PCAPs).

If you find any missing links or if you find any bugs at all, please feel free to contact us at contact.fingers @ gmail.com.

Wednesday, November 12, 2008

Rumor says that a news agency interviewed a terrorist on world terror. When they asked him the cause of such destructive actions, he responded that the creator is the destroyer.

The news reporter then said that the terrorist also mentioned that a well-known organization, "My Crow Soft", was also in the same position of creating and destroying technology, and why couldn't the creator of creators do the same.

This security update resolves a publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by modifying the way that SMB authentication replies are validated to prevent the replay of credentials. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

Known Issues. None

Microsoft Security Bulletin MS08-069 – Critical (Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218))

Executive Summary

This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Microsoft XML Core Services 3.0 and Important for Microsoft XML Core Services 4.0, Microsoft XML Core Services 5.0, and Microsoft XML Core Services 6.0. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by modifying the way that Microsoft XML Core Services parses XML content, handles external document type definitions (DTD), and sets HTTP request fields. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. Microsoft recommends that customers apply the update immediately.

Known Issues. Microsoft Knowledge Base Article 955218 documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues.

Tuesday, November 11, 2008

The kid answered, well, terrorists cannot go there since it is too cold for them and the terrorists are from hot regions, or at least that is how people have described terrorists, that they are people from warm or hotter countries/continents...

So option 1 is ruled out. Then the kid said, other states of US are close to each other and Alaska is way above their head to even think about... and it is way above the other states of US itself and hence option 2 is ruled out.

Russians wouldn't pose a threat to Alaska. We asked the kid as to why Russians will not pose a threat. The kid says, well they were the ones who donated Alaska for a cheap bid...

And the kid asked us a question. Although option 4 is the right choice, why did you not add Sarah Palin...

Saturday, November 8, 2008

One fine morning, when 2 different people met under a single roof the following discussion took place:

John: Hello Sir!!! May I know the time please...
Smith: Hey... It is 9AM and it is really cold for that :)

John: Yes indeed, I am really running to work to analyze the outbreak of a new virus today.
Smith: Oh cool!!! So if you don't mind sharing, what are its specs... What is the vector? How many systems has it infected so far?

John: Sure !!! So far, it has affected our nervous system...
Smith: Oh, you are a doctor... I am sorry, I thought you were talking about computer virus...

John: Oh yeah!!! It is a computer virus and it affected our nervous system, since we have been in terrible shock since the day we started analyzing it...
Smith: Nice...

Friday, November 7, 2008

The President says, "Thank you EvilFingers for all your support and commitment in the elections." and we responded back saying "We did nothing!!!" and he responded "That is what I was talking about. Thanks for not doing anything."

Anyways, that was just a joke...

Our hearty congratulations to President-elect Obama. Whether he is Republican or Democrat, he is the President of the United States and we hope that he would be as neutral as his speech and work for the betterment of our world... God Bless America!!!

Saturday, November 1, 2008

Abstract: In this paper (Worm.Win32.Zhelatin.pk Reverse Engineering) we will analyze with a classical approach the entire structure of Worm.Win32.Zhelatin.pk from the pure infection starting with happy-2008.exe, which is a classical E-Card malware spread through fake mails.

Abstract: CartellaUnicaTasse.exe is an e-mail-spread malware that acts as a Downloader Agent for other malicious executable applications. Thanks to CUT.exe, a series of executables are downloaded and run on the victim user's system. In this paper we will analyze with a classical RCE approach the entire structure of CartellaUnicaTasse from the pure infection to the network point of view.

About Us

Evilfingers is a collection of individuals devoted to raising the bar in the field of information security. Evilfingers blog is offered to the greater information security community to help our colleagues analyze threats and to find solutions. RootkitAnalytics is a web portal to educate and protect our users from the current-day rootkits around the world. Check out our Tweets to stay posted on what's happening at our end.

ISJobs is our InfoSec job portal/blog, where we list the new job openings to help our community. Help yourself to find a job by visiting our blogs regularly.

Technology Partners - Malware Intelligence

Malware Intelligence is a research site dedicated to everything related to malware and crimeware in particular, and information security in general, with a close focus on the field of intelligence.

Bugspy.net - Our New Technology Partner

BugSpy crawls the web in search of the latest bug reports in open source software. It tries to display only open bugs. It also tries to identify security bugs automatically.